Continuing this blog series on Oracle E-Business logging and auditing, Integrigy’s log and audit framework is based on our consulting experience. We have also based it on compliance and security standards such as Payment Card Industry (PCI-DSS), Sarbanes-Oxley (SOX), IT Security (ISO 27001), FISMA (NIST 800-53), and HIPAA.

The foundation of the framework is the set of security events and actions that should be audited and logged in all Oracle E-Business Suite implementations. These security events and actions are derived from and mapped back to key compliance and security standards most organizations have to comply with. We view these security events and actions as the core set and most organizations will need to expand these events and actions to address specific compliance and security requirements, such as functional or change management requirements.

Table 1 presents the core set of audits that, if implemented, will serve as a foundation for more advanced security analytics. Implementing these audits will go a long way toward meeting logging and auditing requirements for most compliance and security standards like PCI requirement 10.2. The numbering scheme used in Table 1 will be referenced throughout the framework.

Table 1 – Foundation Events for Logging and Security Framework

Security Events

and Actions

PCI

DSS 10.2

SOX (COBIT)

HIPAA

(NIST 800-66)

IT Security

(ISO 27001)

FISMA

(NIST 800-53)

E1 - Login

10.2.5

A12.3

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E2 - Logoff

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E3 - Unsuccessful login

10.2.4

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

A.11.5.1

AC-7

E4 - Modify authentication mechanisms

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E5 – Create user account

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E6 - Modify user account

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E7 - Create role

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E8 - Modify role

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E9 - Grant/revoke user privileges

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E10 - Grant/revoke role privileges

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E11 - Privileged commands

10.2.2

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E12 - Modify audit and logging

10.2.6

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

AU-9

E13 - Objects:

Create object

Modify object

Delete object

10.2.7

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

AU-14

E14 - Modify configuration settings

10.2.2

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

Integrigy’s Framework for Oracle E-Business Suite logging and auditing is fully documented in our whitepaper. The whitepaper is available for download in the link referenced below.